TRAI chief reveals Aadhar number challenging hackers, security researcher responds with whole host of personal info

The Aadhar card has been a hotly debated topic in India over the last couple of years. The Government has been pushing for the mandatory linking of citizens’ Aadhar numbers with a whole host of things ranging from bank accounts to Government subsidies.

However, the security and privacy of the Aadhar system has been heavily questioned. There have been several reported leaks and security issues in the recent past, and we’re linking to just a few of them here :

Rs 500, 10 minutes, and you have access to billion Aadhaar details
Aadhaar faces yet another data leak allowing access to personal data to “all” enrolled in the system: Report
Aadhaar privacy row: SC raps govt as 134,000 Indians’ data leaked

The move to create, access and link the Aadhar database has sparked privacy violation concerns among some activists and campaigners. More than two dozen petitions were filed in the Supreme Court challenging the constitutional validity of Aadhaar and the verdict was reserved after hearings concluded in May.

Many in the Government, UIDAI and the telecom industry have vehemently  defended the security features of Aadhar. TRAI chairman, R.S. Sharma is among them. In an attempt to prove the solidity of the system he tweeted an open challenge:

 

Within a few hours, French security researcher, Elliot Alderson replied with the phone number linked to the given Aadhar number.

 

But Alderson, who describes himself in his Twitter profile as the “worst nightmare of Oneplus, Wiko, UIDAI, Kimbho and others” wasn’t done there. Soon he had published his home address, date of birth, Whatsapp profile picture, email ID, alternate email ID and more.

Another user, came up with the screenshot of Mr. Sharma’s PAN application.

 

However, Alderson did seem to slip up when he said that the Aadhar number was not linked to any bank account. R.S. Sharma claimed that he had all his bank accounts linked to Aadhar. He also made the point that his date of birth and address are no state secret and have already been available on the Government of India portals for 40 years.

Eventually Alderson tweeted, “People managed to get your personal address, DoB and your alternate phone number. I stop here, I hope you will understand why make your Aadhaar number public is not a good idea.”

 

Alderson also had 1 final warning for Mr. Sharma :

 

 

Leave a Reply